IETF Logo Mail Archive

Re: [v6ops] [dhcwg] SLAAC renum: Problem Statement & Operational workarounds

Owen DeLong <owen@delong.com> Thu, 31 October 2019 05:17 UTC

Return-Path: <owen@delong.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4169120074; Wed, 30 Oct 2019 22:17:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.998
X-Spam-Level:
X-Spam-Status: No, score=-6.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=delong.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ovM0HAALVaq1; Wed, 30 Oct 2019 22:17:53 -0700 (PDT)
Received: from owen.delong.com (owen.delong.com [IPv6:2620:0:930::200:2]) by ietfa.amsl.com (Postfix) with ESMTP id BB827120052; Wed, 30 Oct 2019 22:17:50 -0700 (PDT)
Received: from [172.20.0.85] (rrcs-97-79-186-2.sw.biz.rr.com [97.79.186.2]) (authenticated bits=0) by owen.delong.com (8.15.2/8.15.2) with ESMTPSA id x9V3Eavs031708 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 30 Oct 2019 20:14:37 -0700
DKIM-Filter: OpenDKIM Filter v2.11.0 owen.delong.com x9V3Eavs031708
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delong.com; s=mail; t=1572491678; bh=/TuYGHNF/Xf5fIQZOpd30YmtBDKOW6yAaFSDQLcj2l8=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=OBmq6S9H9uCvJ8dOvYRWr7sagdGW64c1joXLI3v/5iiUs8Xv8OSJXEkbwAePAURCx leNjTugZKNfzaJGfMb9KAytWH7gZCCrasjCxQE8O8D+uq5zIPXGXk3gNF08UmWXuZT 9G7ocEy/jyxd9zwRiTd3Viaw6caBDe14Ef7kCOBg=
From: Owen DeLong <owen@delong.com>
Message-Id: <CBFE1DD1-FF00-4D21-B1E6-2CD1E722EA60@delong.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_3176AF5B-12E6-420B-A300-1584605D3336"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
Date: Wed, 30 Oct 2019 20:14:36 -0700
In-Reply-To: <CAO42Z2xQ99cjjJzySRS7T32dBYzeyXH8FVH56enuHLE8Eqz=_Q@mail.gmail.com>
Cc: "Bernie Volz (volz)" <volz@cisco.com>, dhcwg@ietf.org, IPv6 Operations <v6ops@ietf.org>, Bud Millwood <budm@weird-solutions.com>
To: Mark Smith <markzzzsmith@gmail.com>
References: <MWHPR1101MB2288616D545F3DAD1D1734A1CF600@MWHPR1101MB2288.namprd11.prod.outlook.com> <CAOpJ=k06SRAHR7S+UmvFu=zvyk8j_uica2gdbBij+5pr+Jykww@mail.gmail.com> <C0A66DA1-29DE-456A-934D-7ECC07575336@cisco.com> <8755B40E-4075-4AAC-BF59-19B6DF9BA6D1@cisco.com> <B23EE439-1509-43FB-9813-F330117DBF42@fugue.com> <CAOpJ=k25ML8Z0_QRN8yoYdXut=tsZBwtBZEstceT45csb1Aunw@mail.gmail.com> <E8D9F8C2-C4C1-44CC-AB06-87A3461B704A@fugue.com> <A72A93B2-B947-4365-A811-50D8908B01EA@cisco.com> <F2F145F7-E678-48C9-A765-BD2D22F793EE@delong.com> <CAO42Z2xQ99cjjJzySRS7T32dBYzeyXH8FVH56enuHLE8Eqz=_Q@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.8)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (owen.delong.com [192.159.10.2]); Wed, 30 Oct 2019 20:14:38 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/Gz3-J0lacmxY-ZLo6jXoB1zZof8>
Subject: Re: [v6ops] [dhcwg] SLAAC renum: Problem Statement & Operational workarounds
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2019 05:17:56 -0000


> On Oct 30, 2019, at 7:12 PM, Mark Smith <markzzzsmith@gmail.com> wrote:
> 
> 
> 
> On Thu, 31 Oct 2019, 12:40 Owen DeLong, <owen@delong.com <mailto:owen@delong.com>> wrote:
> 
> 
>> On Oct 30, 2019, at 5:53 PM, Bernie Volz (volz) <volz@cisco.com <mailto:volz@cisco.com>> wrote:
>> 
>> Mark Smith on v6ops ml wrote:
>> 
>> “I think Ole observed that this is contrary to what the PD prefix's Valid Lifetime said would be the case. The ISP supplied a PD Prefix with a Valid Lifetime of X seconds, and then broke that promise by abruptly changing addressing before X seconds. ISPs should be expected to live up to their Valid Lifetime promises.”
> 
> Sure, but in the real world, there is an entire class of ISPs that have repeatedly demonstrated utter and near complete disregard for such niceties as promises to customers (e.g. most major eyeball ISPs in the US at a minimum), so having CPE behavior that accommodates this fact in favor of the user will likely lead to a better user experience than stomping or feet and insisting that ISPs behave properly.
> 
> So if some enterprise network operators said to the IETF,
> 
> "We want to be able to change the VLAN assignments of any of our IPv6 hosts randomly and unexpectedly, including at 9:10 am when everybody is checking their email, and have the hosts handle that entirely seamlessly."
> 
> would we consider that to be a reasonable request?

Probably not, but we’re not asking that and we’re not asking for the hosts to handle it.

We’re asking for CPE routers in residential and SMB environments  to handle what is already a common behavior of residential and SMB ISPs through a relatively simple CPE change.

Owen

> 
> 
> 
>> And it would be worth better understanding exactly what happens in these situations (perhaps it was covered earlier but I missed or lost that)  ... if the Prefix configuration really is radically changed, even the SP dhcp server may be unable to assist.
> 
> With what is being proposed, the SP DHCP server doesn’t need to assist. The CPU should write the set of received prefixes and their expected expiration times (preferred, valid) to persistent storage. The CPU should update this when a packet making a change to these timers is received. It should make every effort to deprecate prefixes it cannot renew from the links where it previously advertised them.
> 
> This doesn’t require anything special on the SP side.
> 
> Owen
> 
>> 
>> - Bernie
>> 
>> On Oct 30, 2019, at 7:32 PM, Ted Lemon <mellon@fugue.com <mailto:mellon@fugue.com>> wrote:
>> 
>>> On Oct 30, 2019, at 7:18 PM, Bud Millwood <budm@weird-solutions.com <mailto:budm@weird-solutions.com>> wrote:
>>>> It's not so much about the lifetime of the prefix as about putting two
>>>> prefixes in a reply to a request, right? And any CPE that can't handle
>>>> that gracefully gets hosed. I agree that providers of course need to
>>>> test this feature, and a server side configuration makes that
>>>> possible. Also, I'm all for firmware upgrades, but requiring it to fix
>>>> a hosed CPE is could be a big issue.
>>> 
>>> The thing is, if they can’t handle a two-PD response, they are out of spec.  This is already allowed in the RFC.
>>> 
>>> Granted, there may be plenty of CPEs that won’t handle this correctly.   If they can be bricked by a message with two PDs, then bricking them is the right thing to do, because that’s a zero-day vulnerability wide open on the customer network.
>>> 
>> _______________________________________________
>> v6ops mailing list
>> v6ops@ietf.org <mailto:v6ops@ietf.org>
>> https://www.ietf.org/mailman/listinfo/v6ops <https://www.ietf.org/mailman/listinfo/v6ops>
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org <mailto:v6ops@ietf.org>
> https://www.ietf.org/mailman/listinfo/v6ops <https://www.ietf.org/mailman/listinfo/v6ops>

v2.23.0 | Report a Bug | By Email